[dns-operations] The reverse for ::1 is signed as non-existant when it should be.
Mark Andrews
marka at isc.org
Fri Feb 17 00:55:40 UTC 2012
As per RFC 6303 this answer should not be signed. See IANA
Considerations. Please take steps to correct. This is breaking
validating stub resolvers and validating nameservers that forward
this request to a nameserver with default local zones configured.
Mark
; <<>> DiG 9.7.3-P3 <<>> -x ::1 +dnssec @f.ip6-servers.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55367
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
ip6.arpa. 3600 IN SOA b.ip6-servers.arpa. hostmaster.icann.org. 2011024312 1800 900 604800 3600
ip6.arpa. 3600 IN RRSIG SOA 8 2 3600 20120224110410 20120216233058 62265 ip6.arpa. qFOGDbkcFhjwV9HmnZHz2yChr69z8OT/kZ2ZwTpDTe1uDDCCPuO373pF D59iqZDyxzxqYeZp3c1Lzkg/iIwaCFUQ1cuAECRwtIYFpZ8tQLxbBbef jfzhlYnZ1GeQvOCRf3I+GXn0yWfgLMyX32RuKmVMuLXZq5qDknd0cpT/ xkQ=
ip6.arpa. 3600 IN NSEC 2.0.1.0.0.2.ip6.arpa. NS SOA RRSIG NSEC DNSKEY
ip6.arpa. 3600 IN RRSIG NSEC 8 2 3600 20120224095006 20120216233058 62265 ip6.arpa. H1HqKB9JOZ6QWGDwacYFHvBtE4DFbxprikUm41yULffdQm+lDWD/k//T gdLvM3zObDp0s0IJxLwtkzI91AjampvRCZ0k4OgGXeiEICAJ/AvqGTIP j1f/4wFZ542z80PpLN0jTi98pCTE9LZRHxGvb0L8h7hWvsCr03te2ZEe zaE=
;; Query time: 311 msec
;; SERVER: 2001:67c:e0::2#53(2001:67c:e0::2)
;; WHEN: Fri Feb 17 11:43:50 2012
;; MSG SIZE rcvd: 550
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list